Microsoft releases Security Updates on the 2nd Tuesday of every month. In the “industry” it’s called “Microsoft Super Tuesday.” I usually don’t talk about it much because it’s been happening for years, and under most normal circumstances your Windows machine will auto-update using Windows Update, or WSUS if you have a corporate machine.
Once in a Blue Moon Microsoft will release a security patch “out of band.” It’s only happened once this year (not counting yesterday’s release) so when they do it, it’s pretty serious.
So…that brings us to MS08-078. Yesterday, Microsoft released Security Updates for Internet Explorer 7, and today for Internet Explorer 8 and Server 2008 SP2 Beta.
For a list of all the patches for all the various Windows Client and Windows Server Versions as well as x86 and x64, take a look at this link http://www.microsoftpost.com/?s=kb960714 over at microsoftPost.
This release is particularly nasty because all you have to do is visit a malicious website which hosts the exploit code OR visit a legitimate website which has been hacked and is now serving the exploit code. When you visit the site, the code exploits the Internet Explorer security vulnerability and Tadaa. Your machine is compromised.
As of yesterday afternoon, my source at Microsoft said they were “aware” of ~6000 websites which were hosting the malicious code (and growing.) With that in mind, they pulled the trigger on the “out of band” patch.
To get updated, most users will only need to visit Windows Update and are MOST LIKELY already patched.
If you want to VERIFY that you have been patched:
Note: Screen Shots taken from Windows XP and IE7.
1. Open Internet Explorer and Click Tools, Windows Update
2. Click Custom
3. Verify or Check Radio Buttons on the Patches you want to install (KB960714 or MS08-078 in my Screenshot) and Click Review and Install Updates
Follow the prompts from there, and you should be golden. The IE patch I mentioned above (MS08-078 or KB960714) requires a reboot, so be prepared for that and save any open documents or work you might have.
Windows Vista is very similar; however, once you launch Windows Update from Internet Explorer, it will take you to a built-in Windows Update menu inside Windows Vista (there is no website like on XP). From there, it’s very simple to get around and install the update.
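If you have more than one machine to verify, the same check can be scripted. The PowerShell below is an added example, not part of the original post: it uses the built-in Get-HotFix cmdlet to look for KB960714 on each host, and the `$Computers` default (the local machine) is a placeholder you would replace with your own host list.

```powershell
# Added example: report whether KB960714 (MS08-078) is installed on each host.
# Assumptions: PowerShell with Get-HotFix is available, and the account running
# this has rights to query the remote machines. $Computers is a placeholder.
param(
    [string[]]$Computers = @($env:COMPUTERNAME),
    [string]$KbId = 'KB960714'
)

$results = foreach ($computer in $Computers) {
    $status = 'Missing'
    $installedOn = $null
    try {
        # Pull the full hotfix list and filter locally, so a host that is
        # unreachable (exception) is reported differently from a host that
        # answered but does not list the KB.
        $hotfix = Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Where-Object { $_.HotFixID -eq $KbId } |
            Select-Object -First 1

        if ($hotfix) {
            $status = 'Installed'
            $installedOn = $hotfix.InstalledOn
        }
    }
    catch {
        $status = 'Unreachable'
    }

    [pscustomobject]@{
        Computer    = $computer
        KB          = $KbId
        Status      = $status
        InstalledOn = $installedOn
    }
}

$results | Format-Table -AutoSize

# Exit non-zero if any host is not confirmed patched, so a scheduled job
# or wrapper script can flag the run for follow-up.
if ($results | Where-Object { $_.Status -ne 'Installed' }) { exit 1 }
```

Any host reported as Missing or Unreachable should be checked by hand with the Windows Update steps above.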
I hope that gets everyone on the right track! HAPPY GROOVY PATCHING!